SonicOS 7.0 Objects
- SonicOS 7.0
- Match Objects
- Zones
- How Zones Work
- Default Zones
- Security Types
- Allow Interface Trust
- Effect of Wireless Controller Modes
- Zones Overview
- The Zones Page
- Adding a New Zone
- Adding a New Zone in Policy Mode
- Adding a New Zone in Classic Mode
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Cloning a Zone
- Editing a Zone
- Deleting Custom Zones
- Addresses
- Addresses Page
- About UUIDs for Address Objects and Groups
- Working with Dynamic Address Objects
- Services
- URI Lists
- Schedules
- Dynamic Group
- Email Addresses
- Match Objects
- Countries
- Applications
- Web Categories
- Websites
- Match Patterns
- Custom Match
- Profile Objects
- Endpoint Security
- Bandwidth
- QoS Marking
- Content Filter
- DHCP Option
- Block Page
- Anti-Spyware
- Gateway Anti-Virus
- Log and Alerts
- Intrusion Prevention
- AWS
- Action Profiles
- Security Action Profile
- DoS Action Profile
- Action Objects
- App Rule Actions
- Content Filter Actions
- Object Viewer
- SonicWall Support
Marking
After the traffic has been classified, if it is to be handled by QoS capable external systems (for example, CoS aware switches or routers as might be available on a premium service provider’s infrastructure or on a private WAN), it must be tagged so that the external systems can make use of the classification, and provide the correct handling and Per Hop Behaviors (PHB).
Originally, this was attempted at the IP layer (layer 3) with RFC791’s three Precedence bits and RFC1394 ToS (type of service) field, but this was used by a grand total of 17 people throughout history. Its successor, RFC2474 introduced the much more practical and widely used DSCP (Differentiated Services Code Point) which offered up to 64 classifications, as well as user-definable classes. DSCP was further enhanced by RFC2598 (Expedited Forwarding, intended to provide leased-line behaviors) and RFC2697 (Assured Forwarding levels within classes, also known as Gold, Silver, and Bronze levels).
DSCP is a safe marking method for traffic that traverses public networks because there is no risk of incompatibility. At the very worst, a hop along the path might disregard or strip the DSCP tag, but it rarely mistreats or discards the packet.
The other prevalent method of CoS marking is IEEE 802.1p. 802.1p occurs at the MAC layer (layer 2) and is closely related to IEEE 802.1Q VLAN marking, sharing the same 16-bit field, although it is actually defined in the IEEE 802.1D standard. Unlike DSCP, 802.1p only works with 802.1p capable equipment, and is not universally interoperable. Additionally, 802.1p, because of its different packet structure, can rarely traverse wide-area networks, even private WANs. Nonetheless, 802.1p is gaining wide support among Voice and Video over IP vendors, so a solution for supporting 802.1p across network boundaries (such as WAN links) was introduced in the form of 802.1p to DSCP mapping.
802.1p to DSCP mapping allows 802.1p tags from one LAN to be mapped to DSCP values by SonicOS, allowing the packets to safely traverse WAN links. When the packets arrive on the other side of the WAN or VPN, the receiving SonicOS appliance can then map the DSCP tags back to 802.1p tags for use on that LAN. For more information, refer to 802.1p and DSCP QoS.
Was This Article Helpful?
Help us to improve our support portal